Skip site navigation (1) Skip section navigation (2)

Re: viewing source code

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com>
Cc: "'Trevor Talbot'" <quension(at)gmail(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Kris Jurka <books(at)ejurka(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, Bill Moran <wmoran(at)collaborativefusion(dot)com>, pgsql-performance(at)postgresql(dot)org
Subject: Re: viewing source code
Date: 2007-12-20 18:29:52
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-performance
Roberts, Jon escribió:
> So your suggestion is first to come up with a query that dynamically checks
> permissions and create a view for it.  Secondly, change pgAdmin to reference
> this view in place of pg_proc.  Actually, it should be extended to all
> objects in the database, not just pg_proc.  If you don't have this
> dictionary role, you shouldn't be able to look at any of the objects in the
> database unless you own the object or have been granted rights to the
> object.


Another thing that just occured to me was to rename pg_proc to something
else, and create the restricted view using the pg_proc name.  This
sounds dangerous in terms of internals, but actually the system catalogs
are invoked by OID not name, so maybe it will still work.

You do need to make sure that superusers continue to see all functions
though ... (the view test should really be "does the current user have
access to this function".)

Alvaro Herrera                      
The PostgreSQL Company - Command Prompt, Inc.

In response to

pgsql-performance by date

Next:From: Trevor TalbotDate: 2007-12-20 18:47:53
Subject: Re: viewing source code
Previous:From: Merlin MoncureDate: 2007-12-20 18:03:54
Subject: Re: viewing source code

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group